Troubled Waters: How A New Wave of Cyber-Attacks is Targeting Maritime Trade

In concrete terms, the historical “air gap” separating industrial control systems from enterprise networks meant that factories and shipyards were more or less immune to cyber-attack. As long as systems were air-gapped, it didn’t matter how pernicious or effective the cyber-threat became; we felt confident that these virtual concerns couldn’t impact our physical infrastructure.

But recent years have proven us wrong. The global transition to smart infrastructure, from IoT sensors in trash cans to app-controlled irrigation systems, has enabled enormous gains in efficiency and precision, but at the same time it has quietly deflated this air gap. As nearly every sector is digitizing, operational technology (OT) and IT are now intertwined more closely than ever before.

The global shipping industry has recently been under the spotlight as it discovers this truth, with companies and ports across the world significantly affected by cyber-attacks during the last few years. The 2017 NotPetya ransomware outbreak was one of the most devastating such attacks in history, and it cost one of the most well-known shipping companies more than $300 million in damages. Just over a month ago, on the heels of an attack on the Port of Long Beach, both the Port of Barcelona and the Port of San Diego suffered major security breaches in the span of less than a week.

The increasing convergence of IT and OT systems shows no signs of slowing. The rapid shift toward hyper-connected “smart” ports, for instance, is rendering physical harbors susceptible to traditionally digital threats. It is perhaps no surprise that the Port of Barcelona announced its intention to become a “digital port” just last year.

In addition to causing operational delays and necessitating expensive system repairs, the real risk posed by cyber-threats targeting critical infrastructure lies in their power to jeopardize real-world safety. Incidents like the 2014 explosion at a German steel mill, the result of a cyber-attack that began as a spear-phishing email, perhaps herald a future wherein existential dangers like war and terrorism exist entirely in cyberspace.

Although the full details have not yet emerged, the recent attacks in Barcelona and San Diego appear to be targeted, with the inadvertent success of last year’s ransomware campaign perhaps inspiring attackers to focus on the maritime sector. This sector is particularly threatened by disruptions due to such technology’s increasingly indispensable role in global trade. A serious compromise could inflict reputational damage, cause significant financial losses to the infected port, disrupt global trade, and even potentially manipulate the global market.

Protecting these vital commercial hubs has never been more imperative, but requires thinking beyond air-gapping or standard IT solutions. OT environments like ports are highly bespoke and are often comprised of machines whose antiquated operating systems don’t support modern security tools. Safeguarding the maritime industry is a task best accomplished with a technology that can learn the intricacies and normal behavior of industrial control systems while on the job. Hundreds of organizations in the maritime, energy & utilities, and critical infrastructure sectors are already working to implement sweeping security changes, deploying technologies that leverage innovations in cyber AI to identify anomalies and intercept threats in real time.

Warfare has already moved to cyberspace – battles aren’t fought with guns across border lines, but with ones and zeros on both IT and OT networks. As this shift occurs, we need to reconsider the ways that we’re defending our digital and physical infrastructure.

This process begins with an awareness of the ways that digitalization projects expand the attack surface, but it also needs to include a reevaluation of our broader strategies and the tools we’re relying upon. Luckily, technology capable of autonomously fighting back against cyber-attackers already exists. The onus is now on industrial centers – from ports to oil rigs – to fight to stay one step ahead of our evolving adversary.

Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. With over 10 years of experience in cyber defense, Fier has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Fier is a highly-skilled technical officer, and a specialist in cyber operations across both offensive and defensive arenas.